introducing rubberduck-mcp
the tool that makes AI coding feel more like pair programming and less like yelling at a robot.
it's open source, cli-first, and helps your AI ask when confused & think out loud while coding.
try it once, you'll never want to code alone again.
and also please tell me what you think. feedback, bugs, ideas all welcome.
One Battle After Another
This is cinema.
Gripping from beginning to end. Classic PTA. Several genres. Masterclass in filmmaking. Sean Penn bombarded it. 162 minutes flashed by.
Semen Demon wants some oscars. Ocean waves. Ocean waves.
Sentimental Value
Beautiful. Soul-melting. Heartwarming film. The sentimental value of home is invaluable.
It depicts the power of art and artists flawlessly. How art can help in the reconciliation of family relationships? How art can help in understanding and relieving the trauma, grief, unspoken words, sadness? How art brings everyone closer? How art helps you in introspection?
It's a very immersive, intense, and intimate film. It explores the strained relationships at its core in a beautiful manner. Everyone was so spectacular. Be it Renate, Stellan, Inga or Elle. I loved the screenplay. Some Persona touches there.
Is it just me or do you also feel like every idea you get already exists somewhere out there?
You finally think you've got a fresh idea, then find a startup, GitHub repo, or Reddit thread already doing it.
And then you start wondering if you'll ever escape your job because maybe there’s nothing truly new left to create?
I think this can be done using different techniques / combination of them.
As mentioned, simple IP blocking is useless. Therefore, it's better to focus on behavioral detection. We can track failed login attempts per account, per device, and per IP range. For example, if a single account sees 100 failed logins from different IPs in a few minutes, that's a red flag definitely. Or let's say if a single IP attempts failed logins into hundreds of account, another red flag.
Once we have this behavioral detection in place, and its respective data visibility, we can introduce CAPTCHA. If we detect suspicious activity like the examples mentioned above, show a CAPTCHA. This won't impact the genuine user's experience as we will be having a threshold / rules for flagging an activity as suspicious. So five or ten failed login attempts into an account from a single IP is fine. That's not suspicious.
I was reading about an interesting concept - credential-stuffing detection. This can be integrated here. We can connect with Have I Been Pwned API or even maintain our own local list of known breached passwords. What's the benefit? If a login attempt uses a known breached password, immediately trigger MFA (multi-factor authentication) or even better block the login altogether and ask user to reset their password (sent the reset password link on their respective email). This way, you're blocking suspicious activity, and also thinking about your user's benefit.
Also, MFA is the game changer here. Everyone should definitely implement / enable it (both - developers and users).
Another option, and this time at infrastructure level - we can use WAF or CDN bot management layer like Cloudflare's bot protection or AWS WAF with managed rules.
Last but not the least, monitoring and alerting is compulsory here on different metrics. This helps us in analyzing the overall behavior and adjusting the thresholds / rules accordingly.
I think a simple queue can handle a decent load, but I can't say if it will be good for that kind of sustained spike. It supports limited parallelism. Also, messages in simple queue are typically deleted once consumed, so if a worker crashes or for some reason we need to replay events, we don't have that history anymore.
With Kafka, we get partitioning, so each seat shard can map to its own partition, and therefore we get natural ordering and horizontal scalability. Also, it can handle millions of messages per second, keep the history, and multiple services (if required) can consume the same messages independently.